Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Unable to get Inbound NAT/Port-forwarding to work for all servers (2611XM)

Have set up outbound NAT overload for Internet access and inbound NAT port-forwarding to approx. 18 servers in order to provide access to these servers on the Internet. I do the same configuration for all of the servers, but find that only a few of them are working...the rest are not. I have checked and rechecked my configuration, ACLs etc and cannot see what I have done wrong. I have searched and read everything I could find to try and resolve this problem, but am currently at a loss as to why only some work. Any suggestion as to how to troubleshoot this problem an/or assistance would be greatly appreciated.

Thanks, Greg

xxx_distribution_1#sh ip nat stat

Total active translations: 1504 (0 static, 1504 dynamic; 1504 extended)

Outside interfaces:

FastEthernet0/0

Inside interfaces:

FastEthernet0/1, FastEthernet0/1.5, FastEthernet0/1.10, FastEthernet0/1.15

FastEthernet0/1.20, FastEthernet0/1.25, FastEthernet0/1.30

FastEthernet0/1.35, FastEthernet0/1.40

Hits: 4130866 Misses: 93029

CEF Translated packets: 4158864, CEF Punted packets: 110268

Expired translations: 109237

Dynamic mappings:

-- Inside Source

[Id: 1] access-list 10 interface FastEthernet0/0 refcount 1469

-- Inside Destination

[Id: 2] access-list 101 pool xxx_webserver refcount 22

pool xxx_webserver: netmask 255.255.255.252

start 192.168.5.130 end 192.168.5.130

type rotary, total addresses 1, allocated 22 (2200%), misses 0

[Id: 3] access-list 102 pool xxx_SAP refcount 13

pool xxx_SAP: netmask 255.255.255.252

start 192.168.5.2 end 192.168.5.2

type rotary, total addresses 1, allocated 13 (1300%), misses 0

[Id: 4] access-list 103 pool xxx_sapbw refcount 0

pool xxx_sapbw: netmask 255.255.255.252

start 192.168.5.172 end 192.168.5.172

type rotary, total addresses 1, allocated 0 (0%), misses 3

[Id: 5] access-list 104 pool xxx_BI refcount 0

pool xxx_BI: netmask 255.255.255.252

start 192.168.5.82 end 192.168.5.82

type rotary, total addresses 1, allocated 0 (0%), misses 0

[Id: 6] access-list 106 pool xxx_Surveillance refcount 0

pool xxx_Surveillance: netmask 255.255.255.252

start 192.168.5.45 end 192.168.5.45

type rotary, total addresses 1, allocated 0 (0%), misses 0

[Id: 7] access-list 107 pool xxx_Prometric refcount 0

pool xxx_Prometric: netmask 255.255.255.252

start 192.168.5.3 end 192.168.5.3

type rotary, total addresses 1, allocated 0 (0%), misses 0

[Id: 8] access-list 108 pool xxx_CM/VUE refcount 0

pool xxx_CM/VUE: netmask 255.255.255.252

start 192.168.0.7 end 192.168.0.7

type rotary, total addresses 1, allocated 0 (0%), misses 6

[Id: 9] access-list 109 pool xxx_BI7_1 refcount 0

pool xxx_BI7_1: netmask 255.255.255.252

start 192.168.5.8 end 192.168.5.8

type rotary, total addresses 1, allocated 0 (0%), misses 0

[Id: 10] access-list 110 pool xxx_edu4u refcount 0

pool xxx_edu4u: netmask 255.255.255.252

start 192.168.5.16 end 192.168.5.16

type rotary, total addresses 1, allocated 0 (0%), misses 4524

[Id: 11] access-list 111 pool xxx_QC refcount 0

pool xxx_QC: netmask 255.255.255.252

start 192.168.5.18 end 192.168.5.18

type rotary, total addresses 1, allocated 0 (0%), misses 0

[Id: 12] access-list 112 pool xxx_EMULE refcount 0

pool xxx_EMULE: netmask 255.255.255.252

start 192.168.5.20 end 192.168.5.20

type rotary, total addresses 1, allocated 0 (0%), misses 0

[Id: 14] access-list 115 pool xxx_RDP refcount 0

pool xxx_RDP: netmask 255.255.255.252

start 192.168.5.11 end 192.168.5.11

type rotary, total addresses 1, allocated 0 (0%), misses 30

[Id: 15] access-list 116 pool xxx_CONTACT/CVS refcount 0

pool xxx_CONTACT/CVS: netmask 255.255.255.252

start 192.168.5.111 end 192.168.5.111

type rotary, total addresses 1, allocated 0 (0%), misses 177

  • LAN Switching and Routing
1 REPLY
Silver

Re: Unable to get Inbound NAT/Port-forwarding to work for all se

After you configure the IOS Firewall router, if the connections do not work, ensure that you have enabled inspection with the ip inspect (name defined) in or out command on the interface. In this configuration, ip inspect ethernetin in is applied for the interface Ethernet0/0.

For further information click this link.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a008009445f.shtml#tshoot

252
Views
0
Helpful
1
Replies
This widget could not be displayed.